quasar | dad97f307f734fde769cdd8c471193bb2c7e3c8101e8c6af95e6635cc58d3868 | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...96.exe

windows7-x64

JaffaCakes...96.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_5cc235bca992542d2a9f412e32cdd196
Size

1.2MB
Sample

250107-l54cdswpcx
MD5

5cc235bca992542d2a9f412e32cdd196
SHA1

554595bcc147b930f072508c99bad03d56f596d1
SHA256

dad97f307f734fde769cdd8c471193bb2c7e3c8101e8c6af95e6635cc58d3868
SHA512

8dee4b1fe1c2af90c3fb7b3a2f6944a156b51c36679843ad959b5227b8582c852f57304f6bf2a06c70ea1243a4fc6245ede126b070001b347ba46b703dc9ff57
SSDEEP

12288:QZ47sidAz4J1l+1Ax7olDAvE6wN7pug/6nA99vM6Pphf0y/yrsaMJcR/V0:Q2LdG4J14qx0lPrYA9tM6PphfF4sId0

Score

10^/10

quasar word agilenet discovery spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_5cc235bca992542d2a9f412e32cdd196.exe

Resource

win7-20240729-en

quasar word discovery spyware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_5cc235bca992542d2a9f412e32cdd196.exe

Resource

win10v2004-20241007-en

quasar word discovery spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Word

C2

live.nodenet.ml:8863

Mutex

754ce6d6-f75b-4c6f-964c-3996e749369e

Attributes

encryption_key
8F8DE0B9E0A9CA156684061043456EC2CF7D0A6D
install_name
Word.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System
subdirectory
WordW

Targets

- Target
  
  JaffaCakes118_5cc235bca992542d2a9f412e32cdd196
- Size
  
  1.2MB
- MD5
  
  5cc235bca992542d2a9f412e32cdd196
- SHA1
  
  554595bcc147b930f072508c99bad03d56f596d1
- SHA256
  
  dad97f307f734fde769cdd8c471193bb2c7e3c8101e8c6af95e6635cc58d3868
- SHA512
  
  8dee4b1fe1c2af90c3fb7b3a2f6944a156b51c36679843ad959b5227b8582c852f57304f6bf2a06c70ea1243a4fc6245ede126b070001b347ba46b703dc9ff57
- SSDEEP
  
  12288:QZ47sidAz4J1l+1Ax7olDAvE6wN7pug/6nA99vM6Pphf0y/yrsaMJcR/V0:Q2LdG4J14qx0lPrYA9tM6PphfF4sId0
Score

10^/10

quasar word discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarworddiscoveryspywaretrojan

behavioral2

quasarworddiscoveryspywaretrojan

© 2018-2025

Terms | Privacy